I’m not too familiar with OAuth2 and would like some advice on implementing access control to RESTful web services that are used by SPAs (single-page apps).
I’d like to use a CMS as a single sign-on entry point where users log in/register via the CMS and are therefore authenticated via a session cookie in the normal way.
They would then be shown a menu with links to CMS pages that are actually entry points to SPAs - they load the various JS resources etc.
A page that loads an SPA will have access control via the normal mechanisms of the CMS but the web services behind it will be built with Yii2.
I have a plugin for the CMS that allows management of OAuth2 providers - params: key, secret, redirect URL / endpoints: oauth/authorize, oauth/request_token, oauth/request_access - but I don’t really understand how all this can be used to provide authentication to the web services.
Can anyone help me shortcut my understanding of OAuth2 in this scenario?